Small and medium-sized businesses (SMBs) are a major target of malware, phishing, viruses and other cybersecurity threats—so much so that 61% of data breaches affect small businesses.
Cybercriminals go after small businesses for a number of reasons. Many small- or medium-sized business owners are faced with endless decisions. Cybersecurity often ends up falling low on the list of priorities, leaving holes and vulnerabilities in their networks. Hackers also target small businesses as a stepping stone before infiltrating larger companies.
Security breaches are devastating for SMBs—few survive them. According to the National Cyber Security Alliance, nearly 60% of all SMBs fold within six months of a successful cyber attack.
SMB owners may underestimate their cyberattack risk level because they don’t feel they have anything of value to hackers. But any SMB can become a target—in fact, most are. Ransomware, which involves the holding of company information for money, has become an expensive problem for many SMBs.
SMBs need to protect themselves from cyber attacks—especially during the COVID-19 pandemic, with more people working from home on less secure networks. Here’s what you can do to protect your SMB from cyber attacks.
Assess Your Risk
Before you devise a cybersecurity plan, assess your vulnerabilities. The Cyber Resilience Review is a no-cost assessment you can use to help determine where there are digital holes in your company.
Once you’ve determined where you need to beef up your cybersecurity, establish a company-wide strategy to combat cybercrime—determine company cybersecurity policies and appropriate internet use guidelines for employees.
As you create these rules consider the following questions:
- Which sites should you restrict access to on company devices?
- How will you prevent employees from accessing work data on their personal devices?
- How will you control who has physical access to company devices?
- Will you lock up devices when unattended?
- Will employees be required to update their passwords every three months?
- What is the protocol if a company device is stolen or missing?
Train Your Employees
After you’ve established a company-wide cybersecurity strategy, it’s important to train your employees so they know both what they’re up against and what they can do to protect themselves.
Require your employees to use strong passwords and trusted password managers—this will offer a line of defense between their logins and hackers, making it more difficult for hackers to gain access to their accounts. Also, help educate them on the different types of cybersecurity scams. Doing so will help them spot phishing attempts and other common scams and stop a cyberattack in its tracks.
Use Antimalware and Antivirus Software
While it’s important to educate your employees on how to defend themselves against cyber attacks, some cyber attacks are successful solely because the device in question doesn’t have strong enough defense.
For this reason, you should download antimalware and antivirus software on all company devices—including phones. Once downloaded, continually update each security software. Some antiviruses auto update themselves, which is a helpful tool for SMB owners, since it’ll be one less thing they have to keep track off.
If any employees work from home or travel with their devices, make sure their devices are protected outside of the office network too.
Invest in a VPN
Any investment in cybersecurity for the office will fall by the wayside if one employee working from home gets hacked. Your business’s office should have a virtual private network (VPN) as the first line of defense against cybercriminals. SMBs should consider VPNs for their remote employees as well. VPNs offer remote employees the same level of protection as those in the office.
Since the start of the COVID-19 pandemic, cybercriminals have jumped at the chance to hack remote employees working on home networks.
Protect Mobile and Tablets Devices, Too
SMBs need to consider all company devices when strategizing cybersecurity—not just laptop and desktop computers. Oftentimes, SMB owners won’t think to fortify company phones, iPads, or tablets. Hackers can infiltrate any device, and once they gain access to sensitive company data on one device, that can mean they’ve gained access to the company’s entire network.
To secure company devices, install security apps on phones, encrypt data and use two-factor authentication for all logins. In addition to that, regularly backup company data on spreadsheets, databases and financial files to protect your company in the event of a breach.
Use Cloud Software
It’s important to update your apps and cybersecurity software; that way you know you’re using the most secure software version possible. Hackers continually up the ante and find ways to infiltrate programs. When you use the latest version of your cybersecurity software, you can stay one step ahead (or at least making it more difficult for them to steal your information).
Cloud software is especially helpful because cloud-based applications regularly update themselves. As a result, these apps are more resistant to attacks. And again, because SMB owners juggle multiple tasks at once, auto-updating software ensures that they don’t drop the ball when it comes to updating software.
Encrypt Your Emails
Encryption disguides email content so that unwanted users—a.k.a. hackers—won’t be able to access the information. Encrypting emails won’t guarantee that your emails won’t be breached, but it makes it harder for hackers to infiltrate them. Encrypted emails utilize public key infrastructure (PKI), which uses public and private keys to disguise sensitive information.
With email encryption, companies can send emails via private infrastructure. Private key structures utilize private digital codes wherein a public key encrypts an email, making it unreadable with the private key.
Make Cybersecurity a Priority—Before it Becomes a Problem
If it wasn’t already clear that small and medium-sized businesses are endangered by cybercrime, COVID-19 has made it readily apparent. It takes an average of 197 days for a company to notice a data breach, and by the time an SMB realizes they’ve had a breach, it could mean the end of the business altogether.
Don’t let hackers gain access to your business’s network—prioritize your company’s cybersecurity. Make a plan, train your employees and be diligent about keeping tabs on your devices and softwares.
Between antivirus software and common sense measures, any SMB can mitigate cyber attacks, but it’s important to never let digital security become an afterthought—especially if you don’t think you’re a target.